/**
 * OWASP GoatDroid Project
 * 
 * This file is part of the Open Web Application Security Project (OWASP)
 * GoatDroid project. For details, please see
 * https://www.owasp.org/index.php/Projects/OWASP_GoatDroid_Project
 *
 * Copyright (c) 2011 - The OWASP Foundation
 * 
 * GoatDroid is published by OWASP under the GPLv3 license. You should read and accept the
 * LICENSE before you use, modify, and/or redistribute this software.
 * 
 * @author Jack Mannino, nVisium Security (https://www.nvisiumsecurity.com)
 * @created 2011
 */
package org.owasp.goatdroid.fourgoats.webservice.comments;

import java.sql.SQLException;
import java.util.ArrayList;
import java.util.HashMap;
import org.owasp.goatdroid.fourgoats.webservice.Constants;
import org.owasp.goatdroid.fourgoats.webservice.Salts;
import org.owasp.goatdroid.fourgoats.webservice.comments.beans.CommentListBean;
import org.owasp.goatdroid.fourgoats.webservice.comments.beans.CommentsBean;
import org.owasp.goatdroid.fourgoats.webservice.login.LoginImpl;
import org.owasp.goatdroid.fourgoats.webservice.login.LoginUtils;
import org.owasp.goatdroid.fourgoats.webservice.validators.Validators;

public class CommentsImpl {

	static public CommentsBean addComment(String sessionToken, String comment,
			String checkinID) {

		CommentsBean bean = new CommentsBean();
		ArrayList<String> errors = new ArrayList<String>();
		if (LoginImpl.isSessionValid(sessionToken)
				&& Validators.validateSessionTokenFormat(sessionToken)) {
			if (Validators.validateCommentFields(comment, checkinID)) {
				try {
					CommentsDAO dao = new CommentsDAO();
					String userID = dao.getUserID(sessionToken);
					String checkinOwner = dao.getCheckinOwner(checkinID);
					if (checkinOwner.equals(userID)
							|| dao.isFriend(userID, checkinOwner)) {
						String commentID = LoginUtils.generateSaltedSHA256Hash(
								userID + comment + checkinID,
								Salts.COMMENT_ID_GENERATOR_SALT
										+ LoginUtils.getTimeMilliseconds());
						String dateTime = LoginUtils.getCurrentDateTime();
						dao.insertComment(dateTime, commentID, userID, comment,
								checkinID);
						dao.closeConnection();
						bean.setSuccess(true);
						return bean;
					} else {
						dao.closeConnection();
						errors.add(Constants.NOT_AUTHORIZED);
					}
				} catch (InstantiationException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (IllegalAccessException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (ClassNotFoundException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (SQLException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				}
			} else
				errors.add(Constants.UNEXPECTED_ERROR);
		} else
			errors.add(Constants.INVALID_SESSION);
		bean.setSuccess(false);
		bean.setErrors(errors);
		return bean;
	}

	static public CommentsBean removeComment(String sessionToken,
			String commentID) {

		CommentsBean bean = new CommentsBean();
		ArrayList<String> errors = new ArrayList<String>();
		if (LoginImpl.isSessionValid(sessionToken)
				&& Validators.validateSessionTokenFormat(sessionToken)) {

			if (Validators.validateIDFormat(commentID)) {
				try {
					CommentsDAO dao = new CommentsDAO();
					String userID = dao.getUserID(sessionToken);
					String checkinID = dao.getCheckinID(commentID);
					String checkinOwner = dao.getCheckinOwner(checkinID);
					if (checkinOwner.equals(userID)
							|| dao.isCommentOwner(userID, commentID)) {
						dao.deleteComment(commentID);
						dao.closeConnection();
						bean.setSuccess(true);
						return bean;
					} else {
						dao.closeConnection();
						errors.add(Constants.NOT_AUTHORIZED);
					}
				} catch (InstantiationException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (IllegalAccessException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (ClassNotFoundException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (SQLException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				}
			} else
				errors.add(Constants.UNEXPECTED_ERROR);
		} else
			errors.add(Constants.INVALID_SESSION);
		bean.setSuccess(false);
		bean.setErrors(errors);
		return bean;
	}

	static public CommentListBean getComments(String sessionToken,
			String checkinID) {

		CommentListBean bean = new CommentListBean();
		ArrayList<String> errors = new ArrayList<String>();
		if (LoginImpl.isSessionValid(sessionToken)
				&& Validators.validateSessionTokenFormat(sessionToken)) {
			if (Validators.validateIDFormat(checkinID)) {
				try {
					CommentsDAO dao = new CommentsDAO();
					String userID = dao.getUserID(sessionToken);
					String checkinOwner = dao.getCheckinOwner(checkinID);
					if (checkinOwner.equals(userID)
							|| dao.isFriend(userID, checkinOwner)
							|| dao.isCheckinOwnerProfilePublic(checkinID)) {
						HashMap<String, String> comments = new HashMap<String, String>();
						comments = dao.selectComments(checkinID);
						HashMap<String, String> venueData = dao
								.getVenueInfo(checkinID);
						comments.put("venueName", venueData.get("venueName"));
						comments.put("venueWebsite",
								venueData.get("venueWebsite"));
						dao.closeConnection();
						bean.setComments(comments);
						bean.setSuccess(true);
						return bean;
					} else {
						dao.closeConnection();
						errors.add(Constants.NOT_AUTHORIZED);
					}
				} catch (InstantiationException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (IllegalAccessException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (ClassNotFoundException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				} catch (SQLException e) {
					errors.add(Constants.UNEXPECTED_ERROR);
				}
			} else
				errors.add(Constants.UNEXPECTED_ERROR);
		} else
			errors.add(Constants.INVALID_SESSION);
		bean.setErrors(errors);
		return bean;
	}
}
